FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Encrypt / Decrypt data from uboot using CAAM

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Encrypt / Decrypt data from uboot using CAAM

‎05-12-2016 07:38 AM
3,808 Views
jdepedro
Contributor IV

I would like to use the CAAM on the i.MX6Q to encrypt/decrypt data from uboot, using any available encryption protocol (I understand you can use AES 128-bit, 192-bit or 256-bit) and the OTPMK as key. That is, like the dek_blob is done. How can that be done?

I have seen some constructor for job descriptors available in drivers/crypto/fsl/jobdesc.c. I assume it would be necessary to create new job descriptor constructors for AES encryption and AES decryption which would use a src pointer, dst pointer and uint32_t data length.

However ensambling a job descriptor seems complicated and error prone. Is there any examples about how to do that?

0 Kudos
Reply
5 Replies

‎10-17-2016 12:35 PM
2,573 Views
robertlubas
Contributor II

Hi Jose,

Did you consider to use the black/red key blob from external memory? There is an implementation but resides in the kernel.

Do you have any experience with that?

Regards,

Robert Lubaś

0 Kudos
Reply

‎05-12-2016 06:00 PM
2,573 Views
igorpadykov
NXP Employee
NXP Employee

Hi jdepedro

please look at below links

Build the key blob generation utility with the Platform SDK

Generate the Encrypted U-boot v2014.04

DEK blob generator command for u-boot-imx

Best regards

igor

-----------------------------------------------------------------------------------------------------------------------

Note: If this post answers your question, please click the Correct Answer button. Thank you!

-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply

‎05-13-2016 12:18 AM
2,573 Views
jdepedro
Contributor IV

Hi  igorpadykov,

Thanks for those post, I have already read them, though. What I am looking for, is a way to encrypt / decrypt data from uboot using the OTPMK. dek blobing does not work for me because

* It is not a encryption (it generates a key, encrypt that key with the OTPKM, and encrypt the DEK with the generated key)

* It only works for some data lenghts

* It is not reversible on uboot (it is reversible in theory, but it is not implemented, right?)

What I want is to use the CAAM from uboot to encrypt/decrypt any data using AES-128/192 or 256 and the OTPMK as key. Is that possibe? How to do that?

0 Kudos
Reply

‎08-22-2017 07:23 AM
2,573 Views
terateller
Contributor II

Hi, any update on this?

Can we use CAAM via uboot to use OTPMK to generate keys to encrypt/decrypt images?

Thanks

0 Kudos
Reply

‎05-13-2016 02:06 AM
2,573 Views
igorpadykov
NXP Employee
NXP Employee

unfortunately caam is not offically supported in uboot.

It may be suggested to use NXP Professional Services:

http://www.nxp.com/support/nxp-professional-services:PROFESSIONAL-SERVICE

Best regards

igor

0 Kudos
Reply